
What, in earth is wrong with this login?


TeddyKiller


I have a database factory. I believe all is working - no errors.

I have a users class. Which has all 'valid email' etc etc.

I have a session class. Which has all the 'login' and process functions etc.

 

Now when you login, it redirects you to main.php - Which is what it should do.

In config.php, it calls all the classes, etc. It starts a new session.

Though, if two sessions are set, it calls the checkLogin function. When a user logs in, gets redirected to main.php, it'll load the config file, and process the checkLogin.

 

I call the user's username (to see if it's getting the user's logged-in information)

To call a username, it would be .. $user->username; and it doesn't get displayed.

When a user logs in, $this->logged_in is set as 1. I do a check, if $this->logged_in, is set. If it isn't.. it'll redirect back to the index page. What it does, is redirects back to the index page.

 

So not only is $this->logged_in, not being set, it's not getting the information of the current logged in user.

 

I don't really know the problem.. I just know that's what it's doing.

 

config.php - I cut out the variables for the connections

<?php
require_once("db.php");
require_once("user.php");
require_once("session.php");

$db = DatabaseAdapterFactory::factory('mysql', DB_SERVER, DB_USER, DB_PASS, DB_NAME);
$db->connect();

$session = new Session;

$secret_key = '103041231';

if(isset($_SESSION['uid']) && isset($_SESSION['hash'])) {
    $user = $session->checkLogin($secret_key);
} 
?>

 

main.php

<?php
require_once("include/config.php"); 

if(!$session->logged_in) : redirect("/new/index.php"); endif;

echo $user->username;
?>

 

Part of the login page. Got the call to the login function, doesn't have the form as it isn't necessary.

<?php
require_once("include/config.php");

if ($session->logged_in) : redirect("main.php"); endif;

/* Lets do the login */
if (isset($_POST['login'])) :
    $result = $session->login($_POST['username'], $_POST['password'], isset($_POST['keep']), $secret_key);
    if ($result) : redirect("main.php"); endif;
endif;
?>

 

session.php - missing a few functions. If you need the code for certain functions. let me know. - I just put the most important functions in.

<?php
class Session extends User {
    
    public $time;
    public $logged_in = NULL;
    public $ip;
    
    public function __construct() {
        $this->time = time();
        $this->ip = $_SERVER['REMOTE_ADDR'];

        $this->startSession();
    }

    public function startSession() {
        session_start();
    }
    
    public function checkLogin($secret_key) {
        global $db;
        
        if (isset($_COOKIE['HORBLECOOKIE'])) :
            $data = explode('-', $_COOKIE['HORBLECOOKIE']);
            $_SESSION['uid'] = $data[1];
            $_SESSION['hash'] = $data[0];
        endif;
        
        $this->uid = $_SESSION['uid'];
        $this->hashkey = $_SESSION['hash'];
        
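        if (!isset($this->uid) || !isset($this->hashkey)) {} else {
            // Recompute the token and compare it with the stored hash, not the uid
            $check = sha1($this->uid . $this->ip . $secret_key);
            if ($check != $this->hashkey) {
                $this->logout();
            } else {
                // Cast the id to an integer before it goes into the query
                $query = $db->execute("SELECT * FROM users WHERE id='".(int) $this->uid."'");
                $userarray = $db->fetchassoc($query);
                if ($db->numrows($query) == 0) {
                    $this->logout();
                }
                // Copy each column onto a plain object for the caller
                $user = new stdClass;
                foreach($userarray as $key=>$value) {
                    $user->$key = $value;
                }
                $this->logged_in = 1;
                return $user;
            }
        }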
    }

    public function login($username, $password, $keepmein, $secret_key) {
        global $msgError;
        
        $this->username = clean($username, 1, 1, 2);
        $this->password = clean($password, 1 , 1, 0);
        
        if (empty($this->username) || empty($this->password)) {
            
            $msgError = "You have left empty fields!";
            
            return;
            
        }
        
        $result = User::confirmUserPass($this->username, $this->password);
        
        if ($result == 1 || $result == 3) {
            
            $msgError = "Please enter valid username and password.";
            
            return;
            
        } elseif ($result == 2) {
            
            $msgError = "Your user account has not been activated yet!";
            
            return;
            
        }
        
        if (empty($msgError)) {
            
            $this->userinfo = User::getUserInfo('users', 'username', $this->username);
            
            $this->id = $_SESSION['uid'] = $this->userinfo['id'];
            $this->hashkey = $_SESSION['hash'] = sha1($this->id . $this->ip . $secret_key);
              
            User::updateUserField('users', $this->username, "last_login", $this->time);
            User::updateUserField('users', $this->username, "ip", $this->ip);
            
            if ($keepmein) {
                
                setcookie("HORBLECOOKIE", $this->hashkey . '-' . $this->id, $this->time + COOKIE_EXPIRE);
                
            }
            
            $this->logged_in = 1;
            
            return true;
            
        } else {
            
            return false;
            
        }
    }
    
    public function logout() {
        if (isset($_COOKIE['HORBLECOOKIE'])) {
            setcookie("HORBLECOOKIE", "", $this->time - COOKIE_EXPIRE);
        }
        
        session_unset();
        
        session_destroy();
        
        $this->logged_in = 0;
        
        redirect("/new/index.php");
    }
}
?> 

 

Basically, with that $this->logged_in check, when you login, it'll redirect you back to the index page.. because it simply isn't being set. I don't know if the checkLogin function is being stopped somewhere.. and returning true without doing the rest of it.. or anything.

 

Any ideas? :(
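
An added example, not part of the original post or the poster's code: one way to issue and verify the HORBLECOOKIE value so that the token is compared against the hash rather than the uid, in constant time, and the uid from the cookie is accepted only after that check passes. It swaps the post's sha1() concatenation for HMAC-SHA-256; the function names and sample values are assumptions.

```php
<?php
// Added example; makeLoginToken() and verifyRememberCookie() are hypothetical names.

// Keyed MAC over the same fields the post hashes (uid and client IP).
// The '|' separator keeps the field boundaries unambiguous.
function makeLoginToken(int $uid, string $ip, string $secretKey): string
{
    return hash_hmac('sha256', $uid . '|' . $ip, $secretKey);
}

// Parse the "token-uid" layout used by HORBLECOOKIE and verify it.
// Returns the uid only when the token matches; null for anything else,
// so the caller never copies an unverified uid into $_SESSION.
function verifyRememberCookie(string $cookie, string $ip, string $secretKey): ?int
{
    $parts = explode('-', $cookie, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[1])) {
        return null; // malformed cookie
    }
    [$token, $uid] = $parts;
    $expected = makeLoginToken((int) $uid, $ip, $secretKey);
    // hash_equals() compares in constant time; the known value goes first.
    return hash_equals($expected, $token) ? (int) $uid : null;
}

// Constructed sample values (documentation IP range, demo secret).
$secret = 'constructed-demo-secret';
$ip     = '203.0.113.7';
$cookie = makeLoginToken(42, $ip, $secret) . '-42';

var_dump(verifyRememberCookie($cookie, $ip, $secret));           // cookie issued for this client
var_dump(verifyRememberCookie($cookie, '203.0.113.8', $secret)); // same cookie, other client IP
var_dump(verifyRememberCookie('deadbeef-42', $ip, $secret));     // token not produced with the secret
var_dump(verifyRememberCookie('garbage', $ip, $secret));         // no "token-uid" structure
```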


Done some error checking. When you are logged in, or even when you aren't, the echos come up.

	public function startSession() {
	session_start();
	echo 'Sessions started ';
    }

 

and

if(isset($_SESSION['uid']) && isset($_SESSION['hash'])) {
//$user = $session->checkLogin($secret_key);
echo 'Sessions are set'; exit;
} else { echo 'sessions arent set'; }

It keeps saying "sessions started sessions arent set"

 

Seriously.. what's doing this.. :(

$this->id = $_SESSION['uid'] = $this->userinfo['id'];
$this->hashkey = $_SESSION['hash'] = sha1($this->id . $this->ip . $secret_key);

 

This sets the sessions. So I don't get why it doesn't work. No errors get shown. Before the return true in the login function, I did "echo 'logged in'; exit;" and it echos out logged in. So it's doing it correctly, but not setting any sessions. I really don't understand why..

 

If I click the remember me button, I receive this error.. Warning: Cannot modify header information - headers already sent by (output started at /home/jeanie/public_html/new/include/session.php:38) in /home/jeanie/public_html/new/include/session.php on line 116

 

Line 116.. is ..setcookie("HORBLECOOKIE", $this->hashkey . '-' . $this->id, $this->time + COOKIE_EXPIRE);

 

Maybe this is the problem? Although.. how can I fix it, is it because of the echos I have.. because that's giving out output.. or is it another thing.. arghhh. I removed the echos.. tried to login, with checking the remember me too. It doesn't work...

 

It needs sorting asap. =[

Ohmy. I did some checking. A function wasn't working.

 

	public function getUserInfo($table, $field, $value) {
        global $db;
        
$sql = "SELECT * FROM `" . $table . "` WHERE `" . $field . "` = ' " . $value ." '";
        $result = $db->execute($sql);
          
if (!$username) : return false; endif;
          
        if ($db->numrows($result) > 0) :
                return $db->fetchassoc($result);
        else :
	return null;
endif;
    }

 

Two problems. The white space in the query, and the $username. Sorted it... sorry for the thread.. although I guess someone could have suggested the echoing of the sessions in turn. Anyway.. Thanks.
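
An added example, not the poster's code: the padded string literal from getUserInfo() next to a version that binds the value as a parameter and checks the table and column names against an allowlist. PDO with an in-memory SQLite database stands in for the thread's $db adapter, and the table contents, the allowlist and paddedLookup() are constructed for the demonstration.

```php
<?php
// Added example. PDO/SQLite replaces the thread's $db adapter; rows are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)');
$pdo->exec("INSERT INTO users (username) VALUES ('teddy'), ('o''brien')");

// The query shape from the thread: the value sits inside ' ... ' with extra spaces.
function paddedLookup(PDO $pdo, string $value): ?array
{
    $sql = "SELECT * FROM users WHERE username = ' " . $value . " '";
    $row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function getUserInfo(PDO $pdo, string $table, string $field, string $value): ?array
{
    // Identifiers cannot be bound as parameters, so only known names are accepted.
    static $allowed = ['users' => ['id', 'username']];
    if (!in_array($field, $allowed[$table] ?? [], true)) {
        throw new InvalidArgumentException('Unexpected table or column');
    }
    // The value is bound, never concatenated: no quoting and no stray padding.
    $stmt = $pdo->prepare("SELECT * FROM $table WHERE $field = ?");
    $stmt->execute([$value]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

var_dump(paddedLookup($pdo, 'teddy'));                       // padded literal from the thread
var_dump(getUserInfo($pdo, 'users', 'username', 'teddy'));   // bound value
var_dump(getUserInfo($pdo, 'users', 'username', "o'brien")); // apostrophe handled as data
```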
